Infrastructure-as-a-service (IaaS) provides basic computing resources that the customer can use to run software (both operating systems and applications) and to store data. IaaS allows the customer to transfer an existing workload to the cloud with minimal, if any, change needed.
The customer does not manage or control the underlying cloud infrastructure, but remains responsible for managing the OS and applications. IaaS removes the need to buy, house and maintain the physical servers and can provide the ability for an organisation to respond quickly to changing demand.
Platform-as-a-service (PaaS) provides an environment upon which the customer can use to build and deploy cloud applications. These applications may be for use by the customer or offered as a service to others. Building applications using PaaS means that they are inherently cloud-enabled and the PaaS provider also provides the service upon which these applications run. The benefits include no need for capital hardware investment and rapid deployment. The major downside is “lock-in” – most PaaS platforms are based on proprietary programming interfaces (APIs), so it can be very difficult to change provider at a later date.
Software-as-a-service (SaaS) provides an application and data that can be accessed via a network (usually the internet) using a variety of client devices such as web browsers and mobile phones.
The major benefit of SaaS is the immediate availability of a working solution for a specific business problem with no need for upfront investment. This is particularly valuable for areas such as mature business processes which are essential, well understood and need to be delivered at minimal cost. SaaS provides an opportunity for service providers to offer the best solution to this kind of problem at the lowest cost.
The risks associated with SaaS include loss of governance, data privacy issues and return of customer data. Mature business processes are often subject to regulations and laws, and organisations have invested heavily in IT to ensure compliance. Using SaaS means devolving control to the SaaS provider, and it is essential to have independent confirmation that the provider will comply with the regulatory requirements.
The SaaS provider also has control of the business data held by the service. Contracts need to specify how this data will be returned in a useable form at termination of contract to allow business continuity and provide flexibility to switch provider.